From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Daniel Lang <dalang@gmx.at>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/ncurses: security bump to 6.4.20230429
Date: Sat, 6 May 2023 17:36:48 +0200 [thread overview]
Message-ID: <20230506153648.GH252090@scaer> (raw)
In-Reply-To: <20230505192743.6844-1-dalang@gmx.at>
Daniel, All,
On 2023-05-05 21:27 +0200, Daniel Lang spake thusly:
> Update to 6.4 and use latest snapshot to fix CVE-2023-29491.
> COPYING has been changed in snapshot 20230107 to update the year [0].
> Update CVE version to major.minor.snapshot, as NVD uses the snapshot date as patch version [1].
Nice! :-)
> [0]: https://github.com/ThomasDickey/ncurses-snapshots/commit/eedb756850fdddcd2767d488ed5ea323d40b37ec
> [1]: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe:2.3:a:gnu:ncurses
>
> Signed-off-by: Daniel Lang <dalang@gmx.at>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/ncurses/ncurses.hash | 4 ++--
> package/ncurses/ncurses.mk | 9 +++------
> 2 files changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/package/ncurses/ncurses.hash b/package/ncurses/ncurses.hash
> index c96bf77bce..a5f83c8725 100644
> --- a/package/ncurses/ncurses.hash
> +++ b/package/ncurses/ncurses.hash
> @@ -1,4 +1,4 @@
> # Locally calculated
> -sha256 4057d800ee96623ae70d06b05b2dadb481a80c030e4968aa5d9bcea4439441da ncurses-6.3-20221224.tar.gz
> +sha256 004603a9b3ec51599ef0a0089482004ee3d33b0240d87ce17b6f77525b51fb4e ncurses-6.4-20230429.tar.gz
> # Locally computed
> -sha256 63de87399e9fc8860236082b6b0520e068e9eb1fad0ebd30202aa30bb6f690ac COPYING
> +sha256 0413b2f4ea863194c174673032f0fca84f1ea1ed4eed6476baea68c075a631ce COPYING
> diff --git a/package/ncurses/ncurses.mk b/package/ncurses/ncurses.mk
> index 73e3c3feb8..4753da299c 100644
> --- a/package/ncurses/ncurses.mk
> +++ b/package/ncurses/ncurses.mk
> @@ -5,8 +5,8 @@
> ################################################################################
>
> # When there is no snapshost yet for a new version, set it to the empty string
> -NCURSES_VERSION_MAJOR = 6.3
> -NCURSES_SNAPSHOT_DATE = 20221224
> +NCURSES_VERSION_MAJOR = 6.4
> +NCURSES_SNAPSHOT_DATE = 20230429
> NCURSES_VERSION = $(NCURSES_VERSION_MAJOR)$(if $(NCURSES_SNAPSHOT_DATE),-$(NCURSES_SNAPSHOT_DATE))
> NCURSES_VERSION_GIT = $(subst .,_,$(subst -,_,$(NCURSES_VERSION)))
> NCURSES_SITE = $(call github,ThomasDickey,ncurses-snapshots,v$(NCURSES_VERSION_GIT))
> @@ -15,12 +15,9 @@ NCURSES_DEPENDENCIES = host-ncurses
> NCURSES_LICENSE = MIT with advertising clause
> NCURSES_LICENSE_FILES = COPYING
> NCURSES_CPE_ID_VENDOR = gnu
> -NCURSES_CPE_ID_VERSION = $(NCURSES_VERSION_MAJOR)
> +NCURSES_CPE_ID_VERSION = $(NCURSES_VERSION_MAJOR)$(if $(NCURSES_SNAPSHOT_DATE),.$(NCURSES_SNAPSHOT_DATE))
> NCURSES_CONFIG_SCRIPTS = ncurses$(NCURSES_LIB_SUFFIX)6-config
>
> -# Fixed since snapshot 20220416
> -NCURSES_IGNORE_CVES += CVE-2022-29458
> -
> NCURSES_CONF_OPTS = \
> --without-cxx \
> --without-cxx-binding \
> --
> 2.40.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-05-06 15:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-05 19:27 [Buildroot] [PATCH] package/ncurses: security bump to 6.4.20230429 Daniel Lang
2023-05-06 15:36 ` Yann E. MORIN [this message]
2023-05-30 19:40 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230506153648.GH252090@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@buildroot.org \
--cc=dalang@gmx.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox